MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

May 13, 2024 at 11:33AM

MITRE Corporation has released the EMB3D threat-modeling framework for makers of critical infrastructure embedded devices. Developed with industry collaboration, it offers a unified understanding of cyber threats, security mechanisms, and aims to produce inherently secure devices. By embracing a secure-by-design approach, it seeks to reduce exploitable flaws and preemptively counter evolving threat landscapes.

From the meeting notes, it is clear that the MITRE Corporation has introduced a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. The framework aims to provide a comprehensive understanding of cyber threats to embedded devices and the necessary security mechanisms to mitigate these threats. EMB3D is designed to be a living framework, similar to the ATT&CK framework, with continuous updates to address emerging threats and vulnerabilities in embedded devices.

The ultimate goal of EMB3D is to equip device vendors with a unified view of vulnerabilities in their technologies and the associated security measures to counter potential attacks, promoting inherently secure devices with reduced security costs. The framework supports a secure-by-design approach, allowing for the release of products with fewer exploitable flaws and default secure configurations.

The release of EMB3D is especially relevant in light of increased attacks targeting flaws in operational technology (OT) and IoT devices across various critical sectors such as food and agriculture, chemical, water treatment, manufacturing, and energy. The non-profit behind EMB3D emphasizes that the framework provides a knowledge base of cyber threats to devices, mapped to device properties for tailored threat models and accompanied by suggested technical mitigations for device vendors.

The EMB3D framework represents a significant step in enhancing the security of embedded devices in critical infrastructure environments, and its release signifies a shift towards building security into devices from the outset.

Follow the MITRE Corporation on Twitter and LinkedIn for more exclusive content and updates on EMB3D.

Full Article